USN-6666-1: libuv vulnerability
Severity
medium
Vendor
VMware Tanzu
Versions Affected
- Canonical Ubuntu 22.04
It was discovered that libuv incorrectly truncated certain hostnames. A remote attacker could possibly use this issue with specially crafted hostnames to bypass certain checks. Update Instructions: Run `sudo pro fix USN-6666-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libuv1-dev - 1.34.2-1ubuntu1.5 libuv1 - 1.34.2-1ubuntu1.5 No subscription required.
Fixed and Unaffected VMware Products and Versions
- Cflinixfs4
- 1.79.0 or greater
- Jammy Stemcells
- 1.404 or greater
- CF Deployment
- All unaffected
- Isolation Segment
- 4.0.19+LTS-T or greater
- 5.0.9 or greater
- 6.0.x unaffected
- VMware Tanzu Applications Service for VMs
- 4.0.19+LTS-T or greater
- 5.0.9 or greater
- 6.0.x unaffected
- MySQL for VMware Tanzu
- 3.3.x unaffected
- Operations Manager
- 3.0.25+LTS-T or greater
References
https://ubuntu.com/security/notices/USN-6666-1
https://www.cloudfoundry.org/blog/usn-6666-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=usn-6666-1
History
2024-02-28: Initial vulnerability report published.